CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-7884

HIGH
8.4
CVSS Severity Score
EPSS Score0.0520%
EPSS Percentile44.60th
Published2017年6月16日
Last Modified2026年5月13日

Vulnerability Description

In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default installation of APCUPSD allows a local authenticated, but unprivileged, user to run arbitrary code with elevated privileges by replacing the service executable apcupsd.exe with a malicious executable that will run with SYSTEM privileges at startup. This occurs because of "RW NT AUTHORITY\Authenticated Users" permissions for %SYSTEMDRIVE%\apcupsd\bin\apcupsd.exe.

Affected Platforms (CPE)

📦
Apcupsd

Apc Ups Daemon

<= 3.14.14

References & Advisories

🔗 http://seclists.org/fulldisclosure/2017/Jun/20
🔗 http://www.securityfocus.com/bid/99092
🔗 http://www.securitytracker.com/id/1038707
🔗 http://seclists.org/fulldisclosure/2017/Jun/20
🔗 http://www.securityfocus.com/bid/99092
🔗 http://www.securitytracker.com/id/1038707

関連する脆弱性情報

CVE-2001-00402.1

APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by s...

CVE-2017-796410.0

Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote att...

CVE-2017-232010.0

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenti...

CVE-2017-721310.0

Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops...